Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Mike Pagano <mpagano@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/linux-patches:5.16 commit in: /
Date: Mon, 28 Mar 2022 10:56:50
Message-Id: 1648464992.36e11aa7db4425eba57fe4d4db0ebe08713f85fe.mpagano@gentoo
1 commit: 36e11aa7db4425eba57fe4d4db0ebe08713f85fe
2 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org>
3 AuthorDate: Mon Mar 28 10:56:32 2022 +0000
4 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org>
5 CommitDate: Mon Mar 28 10:56:32 2022 +0000
6 URL: https://gitweb.gentoo.org/proj/linux-patches.git/commit/?id=36e11aa7
7
8 Linux patch 5.16.18
9
10 Signed-off-by: Mike Pagano <mpagano <AT> gentoo.org>
11
12 0000_README | 4 +
13 1017_linux-5.16.18.patch | 1327 ++++++++++++++++++++++++++++++++++++++++++++++
14 2 files changed, 1331 insertions(+)
15
16 diff --git a/0000_README b/0000_README
17 index dc43bdfb..ccfb3dab 100644
18 --- a/0000_README
19 +++ b/0000_README
20 @@ -111,6 +111,10 @@ Patch: 1016_linux-5.16.17.patch
21 From: http://www.kernel.org
22 Desc: Linux 5.16.17
23
24 +Patch: 1017_linux-5.16.18.patch
25 +From: http://www.kernel.org
26 +Desc: Linux 5.16.18
27 +
28 Patch: 1500_XATTR_USER_PREFIX.patch
29 From: https://bugs.gentoo.org/show_bug.cgi?id=470644
30 Desc: Support for namespace user.pax.* on tmpfs.
31
32 diff --git a/1017_linux-5.16.18.patch b/1017_linux-5.16.18.patch
33 new file mode 100644
34 index 00000000..38a460db
35 --- /dev/null
36 +++ b/1017_linux-5.16.18.patch
37 @@ -0,0 +1,1327 @@
38 +diff --git a/Makefile b/Makefile
39 +index 0ca39c16b3bfd..f47cecba0618b 100644
40 +--- a/Makefile
41 ++++ b/Makefile
42 +@@ -1,7 +1,7 @@
43 + # SPDX-License-Identifier: GPL-2.0
44 + VERSION = 5
45 + PATCHLEVEL = 16
46 +-SUBLEVEL = 17
47 ++SUBLEVEL = 18
48 + EXTRAVERSION =
49 + NAME = Gobble Gobble
50 +
51 +diff --git a/arch/csky/include/asm/uaccess.h b/arch/csky/include/asm/uaccess.h
52 +index c40f06ee8d3ef..ac5a54f57d407 100644
53 +--- a/arch/csky/include/asm/uaccess.h
54 ++++ b/arch/csky/include/asm/uaccess.h
55 +@@ -3,14 +3,13 @@
56 + #ifndef __ASM_CSKY_UACCESS_H
57 + #define __ASM_CSKY_UACCESS_H
58 +
59 +-#define user_addr_max() \
60 +- (uaccess_kernel() ? KERNEL_DS.seg : get_fs().seg)
61 ++#define user_addr_max() (current_thread_info()->addr_limit.seg)
62 +
63 + static inline int __access_ok(unsigned long addr, unsigned long size)
64 + {
65 +- unsigned long limit = current_thread_info()->addr_limit.seg;
66 ++ unsigned long limit = user_addr_max();
67 +
68 +- return ((addr < limit) && ((addr + size) < limit));
69 ++ return (size <= limit) && (addr <= (limit - size));
70 + }
71 + #define __access_ok __access_ok
72 +
73 +diff --git a/arch/hexagon/include/asm/uaccess.h b/arch/hexagon/include/asm/uaccess.h
74 +index ef5bfef8d490c..719ba3f3c45cd 100644
75 +--- a/arch/hexagon/include/asm/uaccess.h
76 ++++ b/arch/hexagon/include/asm/uaccess.h
77 +@@ -25,17 +25,17 @@
78 + * Returns true (nonzero) if the memory block *may* be valid, false (zero)
79 + * if it is definitely invalid.
80 + *
81 +- * User address space in Hexagon, like x86, goes to 0xbfffffff, so the
82 +- * simple MSB-based tests used by MIPS won't work. Some further
83 +- * optimization is probably possible here, but for now, keep it
84 +- * reasonably simple and not *too* slow. After all, we've got the
85 +- * MMU for backup.
86 + */
87 ++#define uaccess_kernel() (get_fs().seg == KERNEL_DS.seg)
88 ++#define user_addr_max() (uaccess_kernel() ? ~0UL : TASK_SIZE)
89 +
90 +-#define __access_ok(addr, size) \
91 +- ((get_fs().seg == KERNEL_DS.seg) || \
92 +- (((unsigned long)addr < get_fs().seg) && \
93 +- (unsigned long)size < (get_fs().seg - (unsigned long)addr)))
94 ++static inline int __access_ok(unsigned long addr, unsigned long size)
95 ++{
96 ++ unsigned long limit = TASK_SIZE;
97 ++
98 ++ return (size <= limit) && (addr <= (limit - size));
99 ++}
100 ++#define __access_ok __access_ok
101 +
102 + /*
103 + * When a kernel-mode page fault is taken, the faulting instruction
104 +diff --git a/arch/m68k/include/asm/uaccess.h b/arch/m68k/include/asm/uaccess.h
105 +index ba670523885c8..60b786eb2254e 100644
106 +--- a/arch/m68k/include/asm/uaccess.h
107 ++++ b/arch/m68k/include/asm/uaccess.h
108 +@@ -12,14 +12,17 @@
109 + #include <asm/extable.h>
110 +
111 + /* We let the MMU do all checking */
112 +-static inline int access_ok(const void __user *addr,
113 ++static inline int access_ok(const void __user *ptr,
114 + unsigned long size)
115 + {
116 +- /*
117 +- * XXX: for !CONFIG_CPU_HAS_ADDRESS_SPACES this really needs to check
118 +- * for TASK_SIZE!
119 +- */
120 +- return 1;
121 ++ unsigned long limit = TASK_SIZE;
122 ++ unsigned long addr = (unsigned long)ptr;
123 ++
124 ++ if (IS_ENABLED(CONFIG_CPU_HAS_ADDRESS_SPACES) ||
125 ++ !IS_ENABLED(CONFIG_MMU))
126 ++ return 1;
127 ++
128 ++ return (size <= limit) && (addr <= (limit - size));
129 + }
130 +
131 + /*
132 +diff --git a/arch/microblaze/include/asm/uaccess.h b/arch/microblaze/include/asm/uaccess.h
133 +index d2a8ef9f89787..5b6e0e7788f44 100644
134 +--- a/arch/microblaze/include/asm/uaccess.h
135 ++++ b/arch/microblaze/include/asm/uaccess.h
136 +@@ -39,24 +39,13 @@
137 +
138 + # define uaccess_kernel() (get_fs().seg == KERNEL_DS.seg)
139 +
140 +-static inline int access_ok(const void __user *addr, unsigned long size)
141 ++static inline int __access_ok(unsigned long addr, unsigned long size)
142 + {
143 +- if (!size)
144 +- goto ok;
145 ++ unsigned long limit = user_addr_max();
146 +
147 +- if ((get_fs().seg < ((unsigned long)addr)) ||
148 +- (get_fs().seg < ((unsigned long)addr + size - 1))) {
149 +- pr_devel("ACCESS fail at 0x%08x (size 0x%x), seg 0x%08x\n",
150 +- (__force u32)addr, (u32)size,
151 +- (u32)get_fs().seg);
152 +- return 0;
153 +- }
154 +-ok:
155 +- pr_devel("ACCESS OK at 0x%08x (size 0x%x), seg 0x%08x\n",
156 +- (__force u32)addr, (u32)size,
157 +- (u32)get_fs().seg);
158 +- return 1;
159 ++ return (size <= limit) && (addr <= (limit - size));
160 + }
161 ++#define access_ok(addr, size) __access_ok((unsigned long)addr, size)
162 +
163 + # define __FIXUP_SECTION ".section .fixup,\"ax\"\n"
164 + # define __EX_TABLE_SECTION ".section __ex_table,\"a\"\n"
165 +diff --git a/arch/nds32/include/asm/uaccess.h b/arch/nds32/include/asm/uaccess.h
166 +index d4cbf069dc224..37a40981deb3b 100644
167 +--- a/arch/nds32/include/asm/uaccess.h
168 ++++ b/arch/nds32/include/asm/uaccess.h
169 +@@ -70,9 +70,7 @@ static inline void set_fs(mm_segment_t fs)
170 + * versions are void (ie, don't return a value as such).
171 + */
172 +
173 +-#define get_user __get_user \
174 +-
175 +-#define __get_user(x, ptr) \
176 ++#define get_user(x, ptr) \
177 + ({ \
178 + long __gu_err = 0; \
179 + __get_user_check((x), (ptr), __gu_err); \
180 +@@ -85,6 +83,14 @@ static inline void set_fs(mm_segment_t fs)
181 + (void)0; \
182 + })
183 +
184 ++#define __get_user(x, ptr) \
185 ++({ \
186 ++ long __gu_err = 0; \
187 ++ const __typeof__(*(ptr)) __user *__p = (ptr); \
188 ++ __get_user_err((x), __p, (__gu_err)); \
189 ++ __gu_err; \
190 ++})
191 ++
192 + #define __get_user_check(x, ptr, err) \
193 + ({ \
194 + const __typeof__(*(ptr)) __user *__p = (ptr); \
195 +@@ -165,12 +171,18 @@ do { \
196 + : "r"(addr), "i"(-EFAULT) \
197 + : "cc")
198 +
199 +-#define put_user __put_user \
200 ++#define put_user(x, ptr) \
201 ++({ \
202 ++ long __pu_err = 0; \
203 ++ __put_user_check((x), (ptr), __pu_err); \
204 ++ __pu_err; \
205 ++})
206 +
207 + #define __put_user(x, ptr) \
208 + ({ \
209 + long __pu_err = 0; \
210 +- __put_user_err((x), (ptr), __pu_err); \
211 ++ __typeof__(*(ptr)) __user *__p = (ptr); \
212 ++ __put_user_err((x), __p, __pu_err); \
213 + __pu_err; \
214 + })
215 +
216 +diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c
217 +index 5b6d1a95776f0..0d01e7f5078c2 100644
218 +--- a/arch/x86/kernel/acpi/boot.c
219 ++++ b/arch/x86/kernel/acpi/boot.c
220 +@@ -1328,6 +1328,17 @@ static int __init disable_acpi_pci(const struct dmi_system_id *d)
221 + return 0;
222 + }
223 +
224 ++static int __init disable_acpi_xsdt(const struct dmi_system_id *d)
225 ++{
226 ++ if (!acpi_force) {
227 ++ pr_notice("%s detected: force use of acpi=rsdt\n", d->ident);
228 ++ acpi_gbl_do_not_use_xsdt = TRUE;
229 ++ } else {
230 ++ pr_notice("Warning: DMI blacklist says broken, but acpi XSDT forced\n");
231 ++ }
232 ++ return 0;
233 ++}
234 ++
235 + static int __init dmi_disable_acpi(const struct dmi_system_id *d)
236 + {
237 + if (!acpi_force) {
238 +@@ -1451,6 +1462,19 @@ static const struct dmi_system_id acpi_dmi_table[] __initconst = {
239 + DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
240 + },
241 + },
242 ++ /*
243 ++ * Boxes that need ACPI XSDT use disabled due to corrupted tables
244 ++ */
245 ++ {
246 ++ .callback = disable_acpi_xsdt,
247 ++ .ident = "Advantech DAC-BJ01",
248 ++ .matches = {
249 ++ DMI_MATCH(DMI_SYS_VENDOR, "NEC"),
250 ++ DMI_MATCH(DMI_PRODUCT_NAME, "Bearlake CRB Board"),
251 ++ DMI_MATCH(DMI_BIOS_VERSION, "V1.12"),
252 ++ DMI_MATCH(DMI_BIOS_DATE, "02/01/2011"),
253 ++ },
254 ++ },
255 + {}
256 + };
257 +
258 +diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c
259 +index ead0114f27c9f..56db7b4da5140 100644
260 +--- a/drivers/acpi/battery.c
261 ++++ b/drivers/acpi/battery.c
262 +@@ -60,6 +60,10 @@ MODULE_PARM_DESC(cache_time, "cache time in milliseconds");
263 +
264 + static const struct acpi_device_id battery_device_ids[] = {
265 + {"PNP0C0A", 0},
266 ++
267 ++ /* Microsoft Surface Go 3 */
268 ++ {"MSHW0146", 0},
269 ++
270 + {"", 0},
271 + };
272 +
273 +@@ -1177,6 +1181,14 @@ static const struct dmi_system_id bat_dmi_table[] __initconst = {
274 + DMI_MATCH(DMI_PRODUCT_VERSION, "ThinkPad"),
275 + },
276 + },
277 ++ {
278 ++ /* Microsoft Surface Go 3 */
279 ++ .callback = battery_notification_delay_quirk,
280 ++ .matches = {
281 ++ DMI_MATCH(DMI_SYS_VENDOR, "Microsoft Corporation"),
282 ++ DMI_MATCH(DMI_PRODUCT_NAME, "Surface Go 3"),
283 ++ },
284 ++ },
285 + {},
286 + };
287 +
288 +diff --git a/drivers/acpi/video_detect.c b/drivers/acpi/video_detect.c
289 +index 068e393ea0c67..be2ecdcedd9f0 100644
290 +--- a/drivers/acpi/video_detect.c
291 ++++ b/drivers/acpi/video_detect.c
292 +@@ -417,6 +417,81 @@ static const struct dmi_system_id video_detect_dmi_table[] = {
293 + DMI_MATCH(DMI_PRODUCT_NAME, "GA503"),
294 + },
295 + },
296 ++ /*
297 ++ * Clevo NL5xRU and NL5xNU/TUXEDO Aura 15 Gen1 and Gen2 have both a
298 ++ * working native and video interface. However the default detection
299 ++ * mechanism first registers the video interface before unregistering
300 ++ * it again and switching to the native interface during boot. This
301 ++ * results in a dangling SBIOS request for backlight change for some
302 ++ * reason, causing the backlight to switch to ~2% once per boot on the
303 ++ * first power cord connect or disconnect event. Setting the native
304 ++ * interface explicitly circumvents this buggy behaviour, by avoiding
305 ++ * the unregistering process.
306 ++ */
307 ++ {
308 ++ .callback = video_detect_force_native,
309 ++ .ident = "Clevo NL5xRU",
310 ++ .matches = {
311 ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
312 ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"),
313 ++ },
314 ++ },
315 ++ {
316 ++ .callback = video_detect_force_native,
317 ++ .ident = "Clevo NL5xRU",
318 ++ .matches = {
319 ++ DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"),
320 ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"),
321 ++ },
322 ++ },
323 ++ {
324 ++ .callback = video_detect_force_native,
325 ++ .ident = "Clevo NL5xRU",
326 ++ .matches = {
327 ++ DMI_MATCH(DMI_SYS_VENDOR, "Notebook"),
328 ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xRU"),
329 ++ },
330 ++ },
331 ++ {
332 ++ .callback = video_detect_force_native,
333 ++ .ident = "Clevo NL5xRU",
334 ++ .matches = {
335 ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
336 ++ DMI_MATCH(DMI_BOARD_NAME, "AURA1501"),
337 ++ },
338 ++ },
339 ++ {
340 ++ .callback = video_detect_force_native,
341 ++ .ident = "Clevo NL5xRU",
342 ++ .matches = {
343 ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
344 ++ DMI_MATCH(DMI_BOARD_NAME, "EDUBOOK1502"),
345 ++ },
346 ++ },
347 ++ {
348 ++ .callback = video_detect_force_native,
349 ++ .ident = "Clevo NL5xNU",
350 ++ .matches = {
351 ++ DMI_MATCH(DMI_SYS_VENDOR, "TUXEDO"),
352 ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"),
353 ++ },
354 ++ },
355 ++ {
356 ++ .callback = video_detect_force_native,
357 ++ .ident = "Clevo NL5xNU",
358 ++ .matches = {
359 ++ DMI_MATCH(DMI_SYS_VENDOR, "SchenkerTechnologiesGmbH"),
360 ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"),
361 ++ },
362 ++ },
363 ++ {
364 ++ .callback = video_detect_force_native,
365 ++ .ident = "Clevo NL5xNU",
366 ++ .matches = {
367 ++ DMI_MATCH(DMI_SYS_VENDOR, "Notebook"),
368 ++ DMI_MATCH(DMI_BOARD_NAME, "NL5xNU"),
369 ++ },
370 ++ },
371 +
372 + /*
373 + * Desktops which falsely report a backlight and which our heuristics
374 +diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c
375 +index ea72afb7abead..c1f1237ddc76f 100644
376 +--- a/drivers/bluetooth/btusb.c
377 ++++ b/drivers/bluetooth/btusb.c
378 +@@ -404,6 +404,8 @@ static const struct usb_device_id blacklist_table[] = {
379 + BTUSB_WIDEBAND_SPEECH },
380 +
381 + /* Realtek 8852AE Bluetooth devices */
382 ++ { USB_DEVICE(0x0bda, 0x2852), .driver_info = BTUSB_REALTEK |
383 ++ BTUSB_WIDEBAND_SPEECH },
384 + { USB_DEVICE(0x0bda, 0xc852), .driver_info = BTUSB_REALTEK |
385 + BTUSB_WIDEBAND_SPEECH },
386 + { USB_DEVICE(0x0bda, 0x385a), .driver_info = BTUSB_REALTEK |
387 +@@ -481,6 +483,8 @@ static const struct usb_device_id blacklist_table[] = {
388 + /* Additional Realtek 8761BU Bluetooth devices */
389 + { USB_DEVICE(0x0b05, 0x190e), .driver_info = BTUSB_REALTEK |
390 + BTUSB_WIDEBAND_SPEECH },
391 ++ { USB_DEVICE(0x2550, 0x8761), .driver_info = BTUSB_REALTEK |
392 ++ BTUSB_WIDEBAND_SPEECH },
393 +
394 + /* Additional Realtek 8821AE Bluetooth devices */
395 + { USB_DEVICE(0x0b05, 0x17dc), .driver_info = BTUSB_REALTEK },
396 +diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-common.c
397 +index c08cbb306636b..dc4c0a0a51290 100644
398 +--- a/drivers/char/tpm/tpm-dev-common.c
399 ++++ b/drivers/char/tpm/tpm-dev-common.c
400 +@@ -69,7 +69,13 @@ static void tpm_dev_async_work(struct work_struct *work)
401 + ret = tpm_dev_transmit(priv->chip, priv->space, priv->data_buffer,
402 + sizeof(priv->data_buffer));
403 + tpm_put_ops(priv->chip);
404 +- if (ret > 0) {
405 ++
406 ++ /*
407 ++ * If ret is > 0 then tpm_dev_transmit returned the size of the
408 ++ * response. If ret is < 0 then tpm_dev_transmit failed and
409 ++ * returned an error code.
410 ++ */
411 ++ if (ret != 0) {
412 + priv->response_length = ret;
413 + mod_timer(&priv->user_read_timer, jiffies + (120 * HZ));
414 + }
415 +diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
416 +index 97e916856cf3e..d2225020e4d2c 100644
417 +--- a/drivers/char/tpm/tpm2-space.c
418 ++++ b/drivers/char/tpm/tpm2-space.c
419 +@@ -58,12 +58,12 @@ int tpm2_init_space(struct tpm_space *space, unsigned int buf_size)
420 +
421 + void tpm2_del_space(struct tpm_chip *chip, struct tpm_space *space)
422 + {
423 +- mutex_lock(&chip->tpm_mutex);
424 +- if (!tpm_chip_start(chip)) {
425 ++
426 ++ if (tpm_try_get_ops(chip) == 0) {
427 + tpm2_flush_sessions(chip, space);
428 +- tpm_chip_stop(chip);
429 ++ tpm_put_ops(chip);
430 + }
431 +- mutex_unlock(&chip->tpm_mutex);
432 ++
433 + kfree(space->context_buf);
434 + kfree(space->session_buf);
435 + }
436 +diff --git a/drivers/crypto/qat/qat_4xxx/adf_drv.c b/drivers/crypto/qat/qat_4xxx/adf_drv.c
437 +index 71ef065914b22..c8dfc32084ec5 100644
438 +--- a/drivers/crypto/qat/qat_4xxx/adf_drv.c
439 ++++ b/drivers/crypto/qat/qat_4xxx/adf_drv.c
440 +@@ -52,6 +52,13 @@ static int adf_crypto_dev_config(struct adf_accel_dev *accel_dev)
441 + if (ret)
442 + goto err;
443 +
444 ++ /* Temporarily set the number of crypto instances to zero to avoid
445 ++ * registering the crypto algorithms.
446 ++ * This will be removed when the algorithms will support the
447 ++ * CRYPTO_TFM_REQ_MAY_BACKLOG flag
448 ++ */
449 ++ instances = 0;
450 ++
451 + for (i = 0; i < instances; i++) {
452 + val = i;
453 + bank = i * 2;
454 +diff --git a/drivers/crypto/qat/qat_common/qat_crypto.c b/drivers/crypto/qat/qat_common/qat_crypto.c
455 +index ece6776fbd53d..3efbb38836010 100644
456 +--- a/drivers/crypto/qat/qat_common/qat_crypto.c
457 ++++ b/drivers/crypto/qat/qat_common/qat_crypto.c
458 +@@ -136,6 +136,13 @@ int qat_crypto_dev_config(struct adf_accel_dev *accel_dev)
459 + if (ret)
460 + goto err;
461 +
462 ++ /* Temporarily set the number of crypto instances to zero to avoid
463 ++ * registering the crypto algorithms.
464 ++ * This will be removed when the algorithms will support the
465 ++ * CRYPTO_TFM_REQ_MAY_BACKLOG flag
466 ++ */
467 ++ instances = 0;
468 ++
469 + for (i = 0; i < instances; i++) {
470 + val = i;
471 + snprintf(key, sizeof(key), ADF_CY "%d" ADF_RING_ASYM_BANK_NUM, i);
472 +diff --git a/drivers/gpu/drm/virtio/virtgpu_gem.c b/drivers/gpu/drm/virtio/virtgpu_gem.c
473 +index 2de61b63ef91d..48d3c9955f0dd 100644
474 +--- a/drivers/gpu/drm/virtio/virtgpu_gem.c
475 ++++ b/drivers/gpu/drm/virtio/virtgpu_gem.c
476 +@@ -248,6 +248,9 @@ void virtio_gpu_array_put_free(struct virtio_gpu_object_array *objs)
477 + {
478 + u32 i;
479 +
480 ++ if (!objs)
481 ++ return;
482 ++
483 + for (i = 0; i < objs->nents; i++)
484 + drm_gem_object_put(objs->objs[i]);
485 + virtio_gpu_array_free(objs);
486 +diff --git a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
487 +index 220dc42af31ae..9c593f8e05f8d 100644
488 +--- a/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
489 ++++ b/drivers/net/ethernet/apm/xgene/xgene_enet_main.c
490 +@@ -696,6 +696,12 @@ static int xgene_enet_rx_frame(struct xgene_enet_desc_ring *rx_ring,
491 + buf_pool->rx_skb[skb_index] = NULL;
492 +
493 + datalen = xgene_enet_get_data_len(le64_to_cpu(raw_desc->m1));
494 ++
495 ++ /* strip off CRC as HW isn't doing this */
496 ++ nv = GET_VAL(NV, le64_to_cpu(raw_desc->m0));
497 ++ if (!nv)
498 ++ datalen -= 4;
499 ++
500 + skb_put(skb, datalen);
501 + prefetch(skb->data - NET_IP_ALIGN);
502 + skb->protocol = eth_type_trans(skb, ndev);
503 +@@ -717,12 +723,8 @@ static int xgene_enet_rx_frame(struct xgene_enet_desc_ring *rx_ring,
504 + }
505 + }
506 +
507 +- nv = GET_VAL(NV, le64_to_cpu(raw_desc->m0));
508 +- if (!nv) {
509 +- /* strip off CRC as HW isn't doing this */
510 +- datalen -= 4;
511 ++ if (!nv)
512 + goto skip_jumbo;
513 +- }
514 +
515 + slots = page_pool->slots - 1;
516 + head = page_pool->head;
517 +diff --git a/drivers/net/wireless/ath/regd.c b/drivers/net/wireless/ath/regd.c
518 +index b2400e2417a55..f15e7bd690b5b 100644
519 +--- a/drivers/net/wireless/ath/regd.c
520 ++++ b/drivers/net/wireless/ath/regd.c
521 +@@ -667,14 +667,14 @@ ath_regd_init_wiphy(struct ath_regulatory *reg,
522 +
523 + /*
524 + * Some users have reported their EEPROM programmed with
525 +- * 0x8000 or 0x0 set, this is not a supported regulatory
526 +- * domain but since we have more than one user with it we
527 +- * need a solution for them. We default to 0x64, which is
528 +- * the default Atheros world regulatory domain.
529 ++ * 0x8000 set, this is not a supported regulatory domain
530 ++ * but since we have more than one user with it we need
531 ++ * a solution for them. We default to 0x64, which is the
532 ++ * default Atheros world regulatory domain.
533 + */
534 + static void ath_regd_sanitize(struct ath_regulatory *reg)
535 + {
536 +- if (reg->current_rd != COUNTRY_ERD_FLAG && reg->current_rd != 0)
537 ++ if (reg->current_rd != COUNTRY_ERD_FLAG)
538 + return;
539 + printk(KERN_DEBUG "ath: EEPROM regdomain sanitized\n");
540 + reg->current_rd = 0x64;
541 +diff --git a/drivers/net/wireless/ath/wcn36xx/main.c b/drivers/net/wireless/ath/wcn36xx/main.c
542 +index 0747c27f3bd75..6213aa7d75215 100644
543 +--- a/drivers/net/wireless/ath/wcn36xx/main.c
544 ++++ b/drivers/net/wireless/ath/wcn36xx/main.c
545 +@@ -1483,6 +1483,9 @@ static int wcn36xx_platform_get_resources(struct wcn36xx *wcn,
546 + if (iris_node) {
547 + if (of_device_is_compatible(iris_node, "qcom,wcn3620"))
548 + wcn->rf_id = RF_IRIS_WCN3620;
549 ++ if (of_device_is_compatible(iris_node, "qcom,wcn3660") ||
550 ++ of_device_is_compatible(iris_node, "qcom,wcn3660b"))
551 ++ wcn->rf_id = RF_IRIS_WCN3660;
552 + if (of_device_is_compatible(iris_node, "qcom,wcn3680"))
553 + wcn->rf_id = RF_IRIS_WCN3680;
554 + of_node_put(iris_node);
555 +diff --git a/drivers/net/wireless/ath/wcn36xx/wcn36xx.h b/drivers/net/wireless/ath/wcn36xx/wcn36xx.h
556 +index fbd0558c2c196..5d3f8f56e5681 100644
557 +--- a/drivers/net/wireless/ath/wcn36xx/wcn36xx.h
558 ++++ b/drivers/net/wireless/ath/wcn36xx/wcn36xx.h
559 +@@ -97,6 +97,7 @@ enum wcn36xx_ampdu_state {
560 +
561 + #define RF_UNKNOWN 0x0000
562 + #define RF_IRIS_WCN3620 0x3620
563 ++#define RF_IRIS_WCN3660 0x3660
564 + #define RF_IRIS_WCN3680 0x3680
565 +
566 + static inline void buff_to_be(u32 *buf, size_t len)
567 +diff --git a/drivers/nfc/st21nfca/se.c b/drivers/nfc/st21nfca/se.c
568 +index a43fc4117fa57..c922f10d0d7b9 100644
569 +--- a/drivers/nfc/st21nfca/se.c
570 ++++ b/drivers/nfc/st21nfca/se.c
571 +@@ -316,6 +316,11 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host,
572 + return -ENOMEM;
573 +
574 + transaction->aid_len = skb->data[1];
575 ++
576 ++ /* Checking if the length of the AID is valid */
577 ++ if (transaction->aid_len > sizeof(transaction->aid))
578 ++ return -EINVAL;
579 ++
580 + memcpy(transaction->aid, &skb->data[2],
581 + transaction->aid_len);
582 +
583 +@@ -325,6 +330,11 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host,
584 + return -EPROTO;
585 +
586 + transaction->params_len = skb->data[transaction->aid_len + 3];
587 ++
588 ++ /* Total size is allocated (skb->len - 2) minus fixed array members */
589 ++ if (transaction->params_len > ((skb->len - 2) - sizeof(struct nfc_evt_transaction)))
590 ++ return -EINVAL;
591 ++
592 + memcpy(transaction->params, skb->data +
593 + transaction->aid_len + 4, transaction->params_len);
594 +
595 +diff --git a/include/sound/pcm.h b/include/sound/pcm.h
596 +index 33451f8ff755b..2018b7512d3d5 100644
597 +--- a/include/sound/pcm.h
598 ++++ b/include/sound/pcm.h
599 +@@ -398,6 +398,7 @@ struct snd_pcm_runtime {
600 + wait_queue_head_t tsleep; /* transfer sleep */
601 + struct fasync_struct *fasync;
602 + bool stop_operating; /* sync_stop will be called */
603 ++ struct mutex buffer_mutex; /* protect for buffer changes */
604 +
605 + /* -- private section -- */
606 + void *private_data;
607 +diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h
608 +index 5199559fbbf0c..674555be5a6ca 100644
609 +--- a/kernel/rcu/tree_plugin.h
610 ++++ b/kernel/rcu/tree_plugin.h
611 +@@ -554,16 +554,16 @@ rcu_preempt_deferred_qs_irqrestore(struct task_struct *t, unsigned long flags)
612 + raw_spin_unlock_irqrestore_rcu_node(rnp, flags);
613 + }
614 +
615 +- /* Unboost if we were boosted. */
616 +- if (IS_ENABLED(CONFIG_RCU_BOOST) && drop_boost_mutex)
617 +- rt_mutex_futex_unlock(&rnp->boost_mtx.rtmutex);
618 +-
619 + /*
620 + * If this was the last task on the expedited lists,
621 + * then we need to report up the rcu_node hierarchy.
622 + */
623 + if (!empty_exp && empty_exp_now)
624 + rcu_report_exp_rnp(rnp, true);
625 ++
626 ++ /* Unboost if we were boosted. */
627 ++ if (IS_ENABLED(CONFIG_RCU_BOOST) && drop_boost_mutex)
628 ++ rt_mutex_futex_unlock(&rnp->boost_mtx.rtmutex);
629 + } else {
630 + local_irq_restore(flags);
631 + }
632 +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
633 +index 61970fd839c36..8aaf9cf3d74a7 100644
634 +--- a/net/ipv6/ip6_output.c
635 ++++ b/net/ipv6/ip6_output.c
636 +@@ -1476,8 +1476,8 @@ static int __ip6_append_data(struct sock *sk,
637 + sizeof(struct frag_hdr) : 0) +
638 + rt->rt6i_nfheader_len;
639 +
640 +- if (mtu < fragheaderlen ||
641 +- ((mtu - fragheaderlen) & ~7) + fragheaderlen < sizeof(struct frag_hdr))
642 ++ if (mtu <= fragheaderlen ||
643 ++ ((mtu - fragheaderlen) & ~7) + fragheaderlen <= sizeof(struct frag_hdr))
644 + goto emsgsize;
645 +
646 + maxfraglen = ((mtu - fragheaderlen) & ~7) + fragheaderlen -
647 +diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
648 +index 3086f4a6ae683..99305aadaa087 100644
649 +--- a/net/llc/af_llc.c
650 ++++ b/net/llc/af_llc.c
651 +@@ -275,6 +275,7 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
652 + {
653 + struct sock *sk = sock->sk;
654 + struct llc_sock *llc = llc_sk(sk);
655 ++ struct net_device *dev = NULL;
656 + struct llc_sap *sap;
657 + int rc = -EINVAL;
658 +
659 +@@ -286,14 +287,14 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
660 + goto out;
661 + rc = -ENODEV;
662 + if (sk->sk_bound_dev_if) {
663 +- llc->dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if);
664 +- if (llc->dev && addr->sllc_arphrd != llc->dev->type) {
665 +- dev_put(llc->dev);
666 +- llc->dev = NULL;
667 ++ dev = dev_get_by_index(&init_net, sk->sk_bound_dev_if);
668 ++ if (dev && addr->sllc_arphrd != dev->type) {
669 ++ dev_put(dev);
670 ++ dev = NULL;
671 + }
672 + } else
673 +- llc->dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd);
674 +- if (!llc->dev)
675 ++ dev = dev_getfirstbyhwtype(&init_net, addr->sllc_arphrd);
676 ++ if (!dev)
677 + goto out;
678 + rc = -EUSERS;
679 + llc->laddr.lsap = llc_ui_autoport();
680 +@@ -303,6 +304,11 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
681 + sap = llc_sap_open(llc->laddr.lsap, NULL);
682 + if (!sap)
683 + goto out;
684 ++
685 ++ /* Note: We do not expect errors from this point. */
686 ++ llc->dev = dev;
687 ++ dev = NULL;
688 ++
689 + memcpy(llc->laddr.mac, llc->dev->dev_addr, IFHWADDRLEN);
690 + memcpy(&llc->addr, addr, sizeof(llc->addr));
691 + /* assign new connection to its SAP */
692 +@@ -310,6 +316,7 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
693 + sock_reset_flag(sk, SOCK_ZAPPED);
694 + rc = 0;
695 + out:
696 ++ dev_put(dev);
697 + return rc;
698 + }
699 +
700 +@@ -332,6 +339,7 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
701 + struct sockaddr_llc *addr = (struct sockaddr_llc *)uaddr;
702 + struct sock *sk = sock->sk;
703 + struct llc_sock *llc = llc_sk(sk);
704 ++ struct net_device *dev = NULL;
705 + struct llc_sap *sap;
706 + int rc = -EINVAL;
707 +
708 +@@ -347,25 +355,27 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
709 + rc = -ENODEV;
710 + rcu_read_lock();
711 + if (sk->sk_bound_dev_if) {
712 +- llc->dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if);
713 +- if (llc->dev) {
714 ++ dev = dev_get_by_index_rcu(&init_net, sk->sk_bound_dev_if);
715 ++ if (dev) {
716 + if (is_zero_ether_addr(addr->sllc_mac))
717 +- memcpy(addr->sllc_mac, llc->dev->dev_addr,
718 ++ memcpy(addr->sllc_mac, dev->dev_addr,
719 + IFHWADDRLEN);
720 +- if (addr->sllc_arphrd != llc->dev->type ||
721 ++ if (addr->sllc_arphrd != dev->type ||
722 + !ether_addr_equal(addr->sllc_mac,
723 +- llc->dev->dev_addr)) {
724 ++ dev->dev_addr)) {
725 + rc = -EINVAL;
726 +- llc->dev = NULL;
727 ++ dev = NULL;
728 + }
729 + }
730 +- } else
731 +- llc->dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd,
732 ++ } else {
733 ++ dev = dev_getbyhwaddr_rcu(&init_net, addr->sllc_arphrd,
734 + addr->sllc_mac);
735 +- dev_hold(llc->dev);
736 ++ }
737 ++ dev_hold(dev);
738 + rcu_read_unlock();
739 +- if (!llc->dev)
740 ++ if (!dev)
741 + goto out;
742 ++
743 + if (!addr->sllc_sap) {
744 + rc = -EUSERS;
745 + addr->sllc_sap = llc_ui_autoport();
746 +@@ -397,6 +407,11 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
747 + goto out_put;
748 + }
749 + }
750 ++
751 ++ /* Note: We do not expect errors from this point. */
752 ++ llc->dev = dev;
753 ++ dev = NULL;
754 ++
755 + llc->laddr.lsap = addr->sllc_sap;
756 + memcpy(llc->laddr.mac, addr->sllc_mac, IFHWADDRLEN);
757 + memcpy(&llc->addr, addr, sizeof(llc->addr));
758 +@@ -407,6 +422,7 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
759 + out_put:
760 + llc_sap_put(sap);
761 + out:
762 ++ dev_put(dev);
763 + release_sock(sk);
764 + return rc;
765 + }
766 +diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
767 +index 2d0dd69f9753c..19d257f657ead 100644
768 +--- a/net/mac80211/cfg.c
769 ++++ b/net/mac80211/cfg.c
770 +@@ -2148,14 +2148,12 @@ static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
771 + const struct mesh_setup *setup)
772 + {
773 + u8 *new_ie;
774 +- const u8 *old_ie;
775 + struct ieee80211_sub_if_data *sdata = container_of(ifmsh,
776 + struct ieee80211_sub_if_data, u.mesh);
777 + int i;
778 +
779 + /* allocate information elements */
780 + new_ie = NULL;
781 +- old_ie = ifmsh->ie;
782 +
783 + if (setup->ie_len) {
784 + new_ie = kmemdup(setup->ie, setup->ie_len,
785 +@@ -2165,7 +2163,6 @@ static int copy_mesh_setup(struct ieee80211_if_mesh *ifmsh,
786 + }
787 + ifmsh->ie_len = setup->ie_len;
788 + ifmsh->ie = new_ie;
789 +- kfree(old_ie);
790 +
791 + /* now copy the rest of the setup parameters */
792 + ifmsh->mesh_id_len = setup->mesh_id_len;
793 +diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
794 +index 2b2e0210a7f9e..3e7f97a707217 100644
795 +--- a/net/netfilter/nf_tables_api.c
796 ++++ b/net/netfilter/nf_tables_api.c
797 +@@ -9208,17 +9208,23 @@ int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest)
798 + }
799 + EXPORT_SYMBOL_GPL(nft_parse_u32_check);
800 +
801 +-static unsigned int nft_parse_register(const struct nlattr *attr)
802 ++static unsigned int nft_parse_register(const struct nlattr *attr, u32 *preg)
803 + {
804 + unsigned int reg;
805 +
806 + reg = ntohl(nla_get_be32(attr));
807 + switch (reg) {
808 + case NFT_REG_VERDICT...NFT_REG_4:
809 +- return reg * NFT_REG_SIZE / NFT_REG32_SIZE;
810 ++ *preg = reg * NFT_REG_SIZE / NFT_REG32_SIZE;
811 ++ break;
812 ++ case NFT_REG32_00...NFT_REG32_15:
813 ++ *preg = reg + NFT_REG_SIZE / NFT_REG32_SIZE - NFT_REG32_00;
814 ++ break;
815 + default:
816 +- return reg + NFT_REG_SIZE / NFT_REG32_SIZE - NFT_REG32_00;
817 ++ return -ERANGE;
818 + }
819 ++
820 ++ return 0;
821 + }
822 +
823 + /**
824 +@@ -9260,7 +9266,10 @@ int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len)
825 + u32 reg;
826 + int err;
827 +
828 +- reg = nft_parse_register(attr);
829 ++ err = nft_parse_register(attr, &reg);
830 ++ if (err < 0)
831 ++ return err;
832 ++
833 + err = nft_validate_register_load(reg, len);
834 + if (err < 0)
835 + return err;
836 +@@ -9315,7 +9324,10 @@ int nft_parse_register_store(const struct nft_ctx *ctx,
837 + int err;
838 + u32 reg;
839 +
840 +- reg = nft_parse_register(attr);
841 ++ err = nft_parse_register(attr, &reg);
842 ++ if (err < 0)
843 ++ return err;
844 ++
845 + err = nft_validate_register_store(ctx, reg, data, type, len);
846 + if (err < 0)
847 + return err;
848 +diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
849 +index adc3480560767..d4d8f613af512 100644
850 +--- a/net/netfilter/nf_tables_core.c
851 ++++ b/net/netfilter/nf_tables_core.c
852 +@@ -162,7 +162,7 @@ nft_do_chain(struct nft_pktinfo *pkt, void *priv)
853 + struct nft_rule *const *rules;
854 + const struct nft_rule *rule;
855 + const struct nft_expr *expr, *last;
856 +- struct nft_regs regs;
857 ++ struct nft_regs regs = {};
858 + unsigned int stackptr = 0;
859 + struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE];
860 + bool genbit = READ_ONCE(net->nft.gencursor);
861 +diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c
862 +index 3ee9edf858156..f158f0abd25d8 100644
863 +--- a/sound/core/oss/pcm_oss.c
864 ++++ b/sound/core/oss/pcm_oss.c
865 +@@ -774,6 +774,11 @@ static int snd_pcm_oss_period_size(struct snd_pcm_substream *substream,
866 +
867 + if (oss_period_size < 16)
868 + return -EINVAL;
869 ++
870 ++ /* don't allocate too large period; 1MB period must be enough */
871 ++ if (oss_period_size > 1024 * 1024)
872 ++ return -ENOMEM;
873 ++
874 + runtime->oss.period_bytes = oss_period_size;
875 + runtime->oss.period_frames = 1;
876 + runtime->oss.periods = oss_periods;
877 +@@ -1043,10 +1048,9 @@ static int snd_pcm_oss_change_params_locked(struct snd_pcm_substream *substream)
878 + goto failure;
879 + }
880 + #endif
881 +- oss_period_size *= oss_frame_size;
882 +-
883 +- oss_buffer_size = oss_period_size * runtime->oss.periods;
884 +- if (oss_buffer_size < 0) {
885 ++ oss_period_size = array_size(oss_period_size, oss_frame_size);
886 ++ oss_buffer_size = array_size(oss_period_size, runtime->oss.periods);
887 ++ if (oss_buffer_size <= 0) {
888 + err = -EINVAL;
889 + goto failure;
890 + }
891 +diff --git a/sound/core/oss/pcm_plugin.c b/sound/core/oss/pcm_plugin.c
892 +index 061ba06bc9262..82e180c776ae1 100644
893 +--- a/sound/core/oss/pcm_plugin.c
894 ++++ b/sound/core/oss/pcm_plugin.c
895 +@@ -62,7 +62,10 @@ static int snd_pcm_plugin_alloc(struct snd_pcm_plugin *plugin, snd_pcm_uframes_t
896 + width = snd_pcm_format_physical_width(format->format);
897 + if (width < 0)
898 + return width;
899 +- size = frames * format->channels * width;
900 ++ size = array3_size(frames, format->channels, width);
901 ++ /* check for too large period size once again */
902 ++ if (size > 1024 * 1024)
903 ++ return -ENOMEM;
904 + if (snd_BUG_ON(size % 8))
905 + return -ENXIO;
906 + size /= 8;
907 +diff --git a/sound/core/pcm.c b/sound/core/pcm.c
908 +index ba4a987ed1c62..edd9849210f2d 100644
909 +--- a/sound/core/pcm.c
910 ++++ b/sound/core/pcm.c
911 +@@ -969,6 +969,7 @@ int snd_pcm_attach_substream(struct snd_pcm *pcm, int stream,
912 + init_waitqueue_head(&runtime->tsleep);
913 +
914 + runtime->status->state = SNDRV_PCM_STATE_OPEN;
915 ++ mutex_init(&runtime->buffer_mutex);
916 +
917 + substream->runtime = runtime;
918 + substream->private_data = pcm->private_data;
919 +@@ -1002,6 +1003,7 @@ void snd_pcm_detach_substream(struct snd_pcm_substream *substream)
920 + } else {
921 + substream->runtime = NULL;
922 + }
923 ++ mutex_destroy(&runtime->buffer_mutex);
924 + kfree(runtime);
925 + put_pid(substream->pid);
926 + substream->pid = NULL;
927 +diff --git a/sound/core/pcm_lib.c b/sound/core/pcm_lib.c
928 +index 4f4b4739f9871..27ee0a0bee04a 100644
929 +--- a/sound/core/pcm_lib.c
930 ++++ b/sound/core/pcm_lib.c
931 +@@ -1906,9 +1906,11 @@ static int wait_for_avail(struct snd_pcm_substream *substream,
932 + if (avail >= runtime->twake)
933 + break;
934 + snd_pcm_stream_unlock_irq(substream);
935 ++ mutex_unlock(&runtime->buffer_mutex);
936 +
937 + tout = schedule_timeout(wait_time);
938 +
939 ++ mutex_lock(&runtime->buffer_mutex);
940 + snd_pcm_stream_lock_irq(substream);
941 + set_current_state(TASK_INTERRUPTIBLE);
942 + switch (runtime->status->state) {
943 +@@ -2202,6 +2204,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(struct snd_pcm_substream *substream,
944 +
945 + nonblock = !!(substream->f_flags & O_NONBLOCK);
946 +
947 ++ mutex_lock(&runtime->buffer_mutex);
948 + snd_pcm_stream_lock_irq(substream);
949 + err = pcm_accessible_state(runtime);
950 + if (err < 0)
951 +@@ -2293,6 +2296,7 @@ snd_pcm_sframes_t __snd_pcm_lib_xfer(struct snd_pcm_substream *substream,
952 + if (xfer > 0 && err >= 0)
953 + snd_pcm_update_state(substream, runtime);
954 + snd_pcm_stream_unlock_irq(substream);
955 ++ mutex_unlock(&runtime->buffer_mutex);
956 + return xfer > 0 ? (snd_pcm_sframes_t)xfer : err;
957 + }
958 + EXPORT_SYMBOL(__snd_pcm_lib_xfer);
959 +diff --git a/sound/core/pcm_memory.c b/sound/core/pcm_memory.c
960 +index b70ce3b69ab4d..8848d2f3160d8 100644
961 +--- a/sound/core/pcm_memory.c
962 ++++ b/sound/core/pcm_memory.c
963 +@@ -163,19 +163,20 @@ static void snd_pcm_lib_preallocate_proc_write(struct snd_info_entry *entry,
964 + size_t size;
965 + struct snd_dma_buffer new_dmab;
966 +
967 ++ mutex_lock(&substream->pcm->open_mutex);
968 + if (substream->runtime) {
969 + buffer->error = -EBUSY;
970 +- return;
971 ++ goto unlock;
972 + }
973 + if (!snd_info_get_line(buffer, line, sizeof(line))) {
974 + snd_info_get_str(str, line, sizeof(str));
975 + size = simple_strtoul(str, NULL, 10) * 1024;
976 + if ((size != 0 && size < 8192) || size > substream->dma_max) {
977 + buffer->error = -EINVAL;
978 +- return;
979 ++ goto unlock;
980 + }
981 + if (substream->dma_buffer.bytes == size)
982 +- return;
983 ++ goto unlock;
984 + memset(&new_dmab, 0, sizeof(new_dmab));
985 + new_dmab.dev = substream->dma_buffer.dev;
986 + if (size > 0) {
987 +@@ -189,7 +190,7 @@ static void snd_pcm_lib_preallocate_proc_write(struct snd_info_entry *entry,
988 + substream->pcm->card->number, substream->pcm->device,
989 + substream->stream ? 'c' : 'p', substream->number,
990 + substream->pcm->name, size);
991 +- return;
992 ++ goto unlock;
993 + }
994 + substream->buffer_bytes_max = size;
995 + } else {
996 +@@ -201,6 +202,8 @@ static void snd_pcm_lib_preallocate_proc_write(struct snd_info_entry *entry,
997 + } else {
998 + buffer->error = -EINVAL;
999 + }
1000 ++ unlock:
1001 ++ mutex_unlock(&substream->pcm->open_mutex);
1002 + }
1003 +
1004 + static inline void preallocate_info_init(struct snd_pcm_substream *substream)
1005 +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
1006 +index 621883e711949..3cfae44c6b722 100644
1007 +--- a/sound/core/pcm_native.c
1008 ++++ b/sound/core/pcm_native.c
1009 +@@ -672,33 +672,40 @@ static int snd_pcm_hw_params_choose(struct snd_pcm_substream *pcm,
1010 + return 0;
1011 + }
1012 +
1013 ++#if IS_ENABLED(CONFIG_SND_PCM_OSS)
1014 ++#define is_oss_stream(substream) ((substream)->oss.oss)
1015 ++#else
1016 ++#define is_oss_stream(substream) false
1017 ++#endif
1018 ++
1019 + static int snd_pcm_hw_params(struct snd_pcm_substream *substream,
1020 + struct snd_pcm_hw_params *params)
1021 + {
1022 + struct snd_pcm_runtime *runtime;
1023 +- int err, usecs;
1024 ++ int err = 0, usecs;
1025 + unsigned int bits;
1026 + snd_pcm_uframes_t frames;
1027 +
1028 + if (PCM_RUNTIME_CHECK(substream))
1029 + return -ENXIO;
1030 + runtime = substream->runtime;
1031 ++ mutex_lock(&runtime->buffer_mutex);
1032 + snd_pcm_stream_lock_irq(substream);
1033 + switch (runtime->status->state) {
1034 + case SNDRV_PCM_STATE_OPEN:
1035 + case SNDRV_PCM_STATE_SETUP:
1036 + case SNDRV_PCM_STATE_PREPARED:
1037 ++ if (!is_oss_stream(substream) &&
1038 ++ atomic_read(&substream->mmap_count))
1039 ++ err = -EBADFD;
1040 + break;
1041 + default:
1042 +- snd_pcm_stream_unlock_irq(substream);
1043 +- return -EBADFD;
1044 ++ err = -EBADFD;
1045 ++ break;
1046 + }
1047 + snd_pcm_stream_unlock_irq(substream);
1048 +-#if IS_ENABLED(CONFIG_SND_PCM_OSS)
1049 +- if (!substream->oss.oss)
1050 +-#endif
1051 +- if (atomic_read(&substream->mmap_count))
1052 +- return -EBADFD;
1053 ++ if (err)
1054 ++ goto unlock;
1055 +
1056 + snd_pcm_sync_stop(substream, true);
1057 +
1058 +@@ -786,16 +793,21 @@ static int snd_pcm_hw_params(struct snd_pcm_substream *substream,
1059 + if (usecs >= 0)
1060 + cpu_latency_qos_add_request(&substream->latency_pm_qos_req,
1061 + usecs);
1062 +- return 0;
1063 ++ err = 0;
1064 + _error:
1065 +- /* hardware might be unusable from this time,
1066 +- so we force application to retry to set
1067 +- the correct hardware parameter settings */
1068 +- snd_pcm_set_state(substream, SNDRV_PCM_STATE_OPEN);
1069 +- if (substream->ops->hw_free != NULL)
1070 +- substream->ops->hw_free(substream);
1071 +- if (substream->managed_buffer_alloc)
1072 +- snd_pcm_lib_free_pages(substream);
1073 ++ if (err) {
1074 ++ /* hardware might be unusable from this time,
1075 ++ * so we force application to retry to set
1076 ++ * the correct hardware parameter settings
1077 ++ */
1078 ++ snd_pcm_set_state(substream, SNDRV_PCM_STATE_OPEN);
1079 ++ if (substream->ops->hw_free != NULL)
1080 ++ substream->ops->hw_free(substream);
1081 ++ if (substream->managed_buffer_alloc)
1082 ++ snd_pcm_lib_free_pages(substream);
1083 ++ }
1084 ++ unlock:
1085 ++ mutex_unlock(&runtime->buffer_mutex);
1086 + return err;
1087 + }
1088 +
1089 +@@ -835,26 +847,31 @@ static int do_hw_free(struct snd_pcm_substream *substream)
1090 + static int snd_pcm_hw_free(struct snd_pcm_substream *substream)
1091 + {
1092 + struct snd_pcm_runtime *runtime;
1093 +- int result;
1094 ++ int result = 0;
1095 +
1096 + if (PCM_RUNTIME_CHECK(substream))
1097 + return -ENXIO;
1098 + runtime = substream->runtime;
1099 ++ mutex_lock(&runtime->buffer_mutex);
1100 + snd_pcm_stream_lock_irq(substream);
1101 + switch (runtime->status->state) {
1102 + case SNDRV_PCM_STATE_SETUP:
1103 + case SNDRV_PCM_STATE_PREPARED:
1104 ++ if (atomic_read(&substream->mmap_count))
1105 ++ result = -EBADFD;
1106 + break;
1107 + default:
1108 +- snd_pcm_stream_unlock_irq(substream);
1109 +- return -EBADFD;
1110 ++ result = -EBADFD;
1111 ++ break;
1112 + }
1113 + snd_pcm_stream_unlock_irq(substream);
1114 +- if (atomic_read(&substream->mmap_count))
1115 +- return -EBADFD;
1116 ++ if (result)
1117 ++ goto unlock;
1118 + result = do_hw_free(substream);
1119 + snd_pcm_set_state(substream, SNDRV_PCM_STATE_OPEN);
1120 + cpu_latency_qos_remove_request(&substream->latency_pm_qos_req);
1121 ++ unlock:
1122 ++ mutex_unlock(&runtime->buffer_mutex);
1123 + return result;
1124 + }
1125 +
1126 +@@ -1160,15 +1177,17 @@ struct action_ops {
1127 + static int snd_pcm_action_group(const struct action_ops *ops,
1128 + struct snd_pcm_substream *substream,
1129 + snd_pcm_state_t state,
1130 +- bool do_lock)
1131 ++ bool stream_lock)
1132 + {
1133 + struct snd_pcm_substream *s = NULL;
1134 + struct snd_pcm_substream *s1;
1135 + int res = 0, depth = 1;
1136 +
1137 + snd_pcm_group_for_each_entry(s, substream) {
1138 +- if (do_lock && s != substream) {
1139 +- if (s->pcm->nonatomic)
1140 ++ if (s != substream) {
1141 ++ if (!stream_lock)
1142 ++ mutex_lock_nested(&s->runtime->buffer_mutex, depth);
1143 ++ else if (s->pcm->nonatomic)
1144 + mutex_lock_nested(&s->self_group.mutex, depth);
1145 + else
1146 + spin_lock_nested(&s->self_group.lock, depth);
1147 +@@ -1196,18 +1215,18 @@ static int snd_pcm_action_group(const struct action_ops *ops,
1148 + ops->post_action(s, state);
1149 + }
1150 + _unlock:
1151 +- if (do_lock) {
1152 +- /* unlock streams */
1153 +- snd_pcm_group_for_each_entry(s1, substream) {
1154 +- if (s1 != substream) {
1155 +- if (s1->pcm->nonatomic)
1156 +- mutex_unlock(&s1->self_group.mutex);
1157 +- else
1158 +- spin_unlock(&s1->self_group.lock);
1159 +- }
1160 +- if (s1 == s) /* end */
1161 +- break;
1162 ++ /* unlock streams */
1163 ++ snd_pcm_group_for_each_entry(s1, substream) {
1164 ++ if (s1 != substream) {
1165 ++ if (!stream_lock)
1166 ++ mutex_unlock(&s1->runtime->buffer_mutex);
1167 ++ else if (s1->pcm->nonatomic)
1168 ++ mutex_unlock(&s1->self_group.mutex);
1169 ++ else
1170 ++ spin_unlock(&s1->self_group.lock);
1171 + }
1172 ++ if (s1 == s) /* end */
1173 ++ break;
1174 + }
1175 + return res;
1176 + }
1177 +@@ -1337,10 +1356,12 @@ static int snd_pcm_action_nonatomic(const struct action_ops *ops,
1178 +
1179 + /* Guarantee the group members won't change during non-atomic action */
1180 + down_read(&snd_pcm_link_rwsem);
1181 ++ mutex_lock(&substream->runtime->buffer_mutex);
1182 + if (snd_pcm_stream_linked(substream))
1183 + res = snd_pcm_action_group(ops, substream, state, false);
1184 + else
1185 + res = snd_pcm_action_single(ops, substream, state);
1186 ++ mutex_unlock(&substream->runtime->buffer_mutex);
1187 + up_read(&snd_pcm_link_rwsem);
1188 + return res;
1189 + }
1190 +@@ -1830,11 +1851,13 @@ static int snd_pcm_do_reset(struct snd_pcm_substream *substream,
1191 + int err = snd_pcm_ops_ioctl(substream, SNDRV_PCM_IOCTL1_RESET, NULL);
1192 + if (err < 0)
1193 + return err;
1194 ++ snd_pcm_stream_lock_irq(substream);
1195 + runtime->hw_ptr_base = 0;
1196 + runtime->hw_ptr_interrupt = runtime->status->hw_ptr -
1197 + runtime->status->hw_ptr % runtime->period_size;
1198 + runtime->silence_start = runtime->status->hw_ptr;
1199 + runtime->silence_filled = 0;
1200 ++ snd_pcm_stream_unlock_irq(substream);
1201 + return 0;
1202 + }
1203 +
1204 +@@ -1842,10 +1865,12 @@ static void snd_pcm_post_reset(struct snd_pcm_substream *substream,
1205 + snd_pcm_state_t state)
1206 + {
1207 + struct snd_pcm_runtime *runtime = substream->runtime;
1208 ++ snd_pcm_stream_lock_irq(substream);
1209 + runtime->control->appl_ptr = runtime->status->hw_ptr;
1210 + if (substream->stream == SNDRV_PCM_STREAM_PLAYBACK &&
1211 + runtime->silence_size > 0)
1212 + snd_pcm_playback_silence(substream, ULONG_MAX);
1213 ++ snd_pcm_stream_unlock_irq(substream);
1214 + }
1215 +
1216 + static const struct action_ops snd_pcm_action_reset = {
1217 +diff --git a/sound/pci/ac97/ac97_codec.c b/sound/pci/ac97/ac97_codec.c
1218 +index 01f296d524ce6..cb60a07d39a8e 100644
1219 +--- a/sound/pci/ac97/ac97_codec.c
1220 ++++ b/sound/pci/ac97/ac97_codec.c
1221 +@@ -938,8 +938,8 @@ static int snd_ac97_ad18xx_pcm_get_volume(struct snd_kcontrol *kcontrol, struct
1222 + int codec = kcontrol->private_value & 3;
1223 +
1224 + mutex_lock(&ac97->page_mutex);
1225 +- ucontrol->value.integer.value[0] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 0) & 31);
1226 +- ucontrol->value.integer.value[1] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 8) & 31);
1227 ++ ucontrol->value.integer.value[0] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 8) & 31);
1228 ++ ucontrol->value.integer.value[1] = 31 - ((ac97->spec.ad18xx.pcmreg[codec] >> 0) & 31);
1229 + mutex_unlock(&ac97->page_mutex);
1230 + return 0;
1231 + }
1232 +diff --git a/sound/pci/cmipci.c b/sound/pci/cmipci.c
1233 +index 9a678b5cf2855..dab801d9d3b48 100644
1234 +--- a/sound/pci/cmipci.c
1235 ++++ b/sound/pci/cmipci.c
1236 +@@ -298,7 +298,6 @@ MODULE_PARM_DESC(joystick_port, "Joystick port address.");
1237 + #define CM_MICGAINZ 0x01 /* mic boost */
1238 + #define CM_MICGAINZ_SHIFT 0
1239 +
1240 +-#define CM_REG_MIXER3 0x24
1241 + #define CM_REG_AUX_VOL 0x26
1242 + #define CM_VAUXL_MASK 0xf0
1243 + #define CM_VAUXR_MASK 0x0f
1244 +@@ -3265,7 +3264,7 @@ static int snd_cmipci_probe(struct pci_dev *pci,
1245 + */
1246 + static const unsigned char saved_regs[] = {
1247 + CM_REG_FUNCTRL1, CM_REG_CHFORMAT, CM_REG_LEGACY_CTRL, CM_REG_MISC_CTRL,
1248 +- CM_REG_MIXER0, CM_REG_MIXER1, CM_REG_MIXER2, CM_REG_MIXER3, CM_REG_PLL,
1249 ++ CM_REG_MIXER0, CM_REG_MIXER1, CM_REG_MIXER2, CM_REG_AUX_VOL, CM_REG_PLL,
1250 + CM_REG_CH0_FRAME1, CM_REG_CH0_FRAME2,
1251 + CM_REG_CH1_FRAME1, CM_REG_CH1_FRAME2, CM_REG_EXT_MISC,
1252 + CM_REG_INT_STATUS, CM_REG_INT_HLDCLR, CM_REG_FUNCTRL0,
1253 +diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c
1254 +index 83b56c1ba3996..08bf8a77a3e4d 100644
1255 +--- a/sound/pci/hda/patch_realtek.c
1256 ++++ b/sound/pci/hda/patch_realtek.c
1257 +@@ -8866,6 +8866,7 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
1258 + SND_PCI_QUIRK(0x1043, 0x1e51, "ASUS Zephyrus M15", ALC294_FIXUP_ASUS_GU502_PINS),
1259 + SND_PCI_QUIRK(0x1043, 0x1e8e, "ASUS Zephyrus G15", ALC289_FIXUP_ASUS_GA401),
1260 + SND_PCI_QUIRK(0x1043, 0x1f11, "ASUS Zephyrus G14", ALC289_FIXUP_ASUS_GA401),
1261 ++ SND_PCI_QUIRK(0x1043, 0x1d42, "ASUS Zephyrus G14 2022", ALC289_FIXUP_ASUS_GA401),
1262 + SND_PCI_QUIRK(0x1043, 0x16b2, "ASUS GU603", ALC289_FIXUP_ASUS_GA401),
1263 + SND_PCI_QUIRK(0x1043, 0x3030, "ASUS ZN270IE", ALC256_FIXUP_ASUS_AIO_GPIO2),
1264 + SND_PCI_QUIRK(0x1043, 0x831a, "ASUS P901", ALC269_FIXUP_STEREO_DMIC),
1265 +@@ -8949,6 +8950,8 @@ static const struct snd_pci_quirk alc269_fixup_tbl[] = {
1266 + SND_PCI_QUIRK(0x1558, 0x8561, "Clevo NH[57][0-9][ER][ACDH]Q", ALC269_FIXUP_HEADSET_MIC),
1267 + SND_PCI_QUIRK(0x1558, 0x8562, "Clevo NH[57][0-9]RZ[Q]", ALC269_FIXUP_DMIC),
1268 + SND_PCI_QUIRK(0x1558, 0x8668, "Clevo NP50B[BE]", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
1269 ++ SND_PCI_QUIRK(0x1558, 0x866d, "Clevo NP5[05]PN[HJK]", ALC256_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
1270 ++ SND_PCI_QUIRK(0x1558, 0x867d, "Clevo NP7[01]PN[HJK]", ALC256_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
1271 + SND_PCI_QUIRK(0x1558, 0x8680, "Clevo NJ50LU", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
1272 + SND_PCI_QUIRK(0x1558, 0x8686, "Clevo NH50[CZ]U", ALC256_FIXUP_MIC_NO_PRESENCE_AND_RESUME),
1273 + SND_PCI_QUIRK(0x1558, 0x8a20, "Clevo NH55DCQ-Y", ALC293_FIXUP_SYSTEM76_MIC_NO_PRESENCE),
1274 +@@ -10909,6 +10912,7 @@ static const struct snd_pci_quirk alc662_fixup_tbl[] = {
1275 + SND_PCI_QUIRK(0x1028, 0x069f, "Dell", ALC668_FIXUP_DELL_MIC_NO_PRESENCE),
1276 + SND_PCI_QUIRK(0x103c, 0x1632, "HP RP5800", ALC662_FIXUP_HP_RP5800),
1277 + SND_PCI_QUIRK(0x103c, 0x873e, "HP", ALC671_FIXUP_HP_HEADSET_MIC2),
1278 ++ SND_PCI_QUIRK(0x103c, 0x885f, "HP 288 Pro G8", ALC671_FIXUP_HP_HEADSET_MIC2),
1279 + SND_PCI_QUIRK(0x1043, 0x1080, "Asus UX501VW", ALC668_FIXUP_HEADSET_MODE),
1280 + SND_PCI_QUIRK(0x1043, 0x11cd, "Asus N550", ALC662_FIXUP_ASUS_Nx50),
1281 + SND_PCI_QUIRK(0x1043, 0x129d, "Asus N750", ALC662_FIXUP_ASUS_Nx50),
1282 +diff --git a/sound/soc/sti/uniperif_player.c b/sound/soc/sti/uniperif_player.c
1283 +index 2ed92c990b97c..dd9013c476649 100644
1284 +--- a/sound/soc/sti/uniperif_player.c
1285 ++++ b/sound/soc/sti/uniperif_player.c
1286 +@@ -91,7 +91,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id)
1287 + SET_UNIPERIF_ITM_BCLR_FIFO_ERROR(player);
1288 +
1289 + /* Stop the player */
1290 +- snd_pcm_stop_xrun(player->substream);
1291 ++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN);
1292 + }
1293 +
1294 + ret = IRQ_HANDLED;
1295 +@@ -105,7 +105,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id)
1296 + SET_UNIPERIF_ITM_BCLR_DMA_ERROR(player);
1297 +
1298 + /* Stop the player */
1299 +- snd_pcm_stop_xrun(player->substream);
1300 ++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN);
1301 +
1302 + ret = IRQ_HANDLED;
1303 + }
1304 +@@ -138,7 +138,7 @@ static irqreturn_t uni_player_irq_handler(int irq, void *dev_id)
1305 + dev_err(player->dev, "Underflow recovery failed\n");
1306 +
1307 + /* Stop the player */
1308 +- snd_pcm_stop_xrun(player->substream);
1309 ++ snd_pcm_stop(player->substream, SNDRV_PCM_STATE_XRUN);
1310 +
1311 + ret = IRQ_HANDLED;
1312 + }
1313 +diff --git a/sound/soc/sti/uniperif_reader.c b/sound/soc/sti/uniperif_reader.c
1314 +index 136059331211d..065c5f0d1f5f0 100644
1315 +--- a/sound/soc/sti/uniperif_reader.c
1316 ++++ b/sound/soc/sti/uniperif_reader.c
1317 +@@ -65,7 +65,7 @@ static irqreturn_t uni_reader_irq_handler(int irq, void *dev_id)
1318 + if (unlikely(status & UNIPERIF_ITS_FIFO_ERROR_MASK(reader))) {
1319 + dev_err(reader->dev, "FIFO error detected\n");
1320 +
1321 +- snd_pcm_stop_xrun(reader->substream);
1322 ++ snd_pcm_stop(reader->substream, SNDRV_PCM_STATE_XRUN);
1323 +
1324 + ret = IRQ_HANDLED;
1325 + }
1326 +diff --git a/sound/usb/mixer_maps.c b/sound/usb/mixer_maps.c
1327 +index 55eea90ee993f..6ffd23f2ee65d 100644
1328 +--- a/sound/usb/mixer_maps.c
1329 ++++ b/sound/usb/mixer_maps.c
1330 +@@ -536,6 +536,16 @@ static const struct usbmix_ctl_map usbmix_ctl_maps[] = {
1331 + .id = USB_ID(0x1b1c, 0x0a41),
1332 + .map = corsair_virtuoso_map,
1333 + },
1334 ++ {
1335 ++ /* Corsair Virtuoso SE Latest (wired mode) */
1336 ++ .id = USB_ID(0x1b1c, 0x0a3f),
1337 ++ .map = corsair_virtuoso_map,
1338 ++ },
1339 ++ {
1340 ++ /* Corsair Virtuoso SE Latest (wireless mode) */
1341 ++ .id = USB_ID(0x1b1c, 0x0a40),
1342 ++ .map = corsair_virtuoso_map,
1343 ++ },
1344 + {
1345 + /* Corsair Virtuoso (wireless mode) */
1346 + .id = USB_ID(0x1b1c, 0x0a42),
1347 +diff --git a/sound/usb/mixer_quirks.c b/sound/usb/mixer_quirks.c
1348 +index d48729e6a3b0a..d12b87e52d22a 100644
1349 +--- a/sound/usb/mixer_quirks.c
1350 ++++ b/sound/usb/mixer_quirks.c
1351 +@@ -3362,9 +3362,10 @@ void snd_usb_mixer_fu_apply_quirk(struct usb_mixer_interface *mixer,
1352 + if (unitid == 7 && cval->control == UAC_FU_VOLUME)
1353 + snd_dragonfly_quirk_db_scale(mixer, cval, kctl);
1354 + break;
1355 +- /* lowest playback value is muted on C-Media devices */
1356 +- case USB_ID(0x0d8c, 0x000c):
1357 +- case USB_ID(0x0d8c, 0x0014):
1358 ++ /* lowest playback value is muted on some devices */
1359 ++ case USB_ID(0x0d8c, 0x000c): /* C-Media */
1360 ++ case USB_ID(0x0d8c, 0x0014): /* C-Media */
1361 ++ case USB_ID(0x19f7, 0x0003): /* RODE NT-USB */
1362 + if (strstr(kctl->id.name, "Playback"))
1363 + cval->min_mute = 1;
1364 + break;
Report Message
Find on MARC Find on Google Groups